Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.(Citation: Microsoft Shutdown Oct 2017) Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as Disk Structure Wipe or Inhibit System Recovery, to hasten the intended effects on system availability.(Citation: Talos Nyetya June 2017)(Citation: Talos Olympic Destroyer 2018)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2018-15397 | Cisco Adaptive Security Appliance (ASA) Software | primary_impact | T1529 | System Shutdown/Reboot |
| CVE-2019-1817 | Cisco Web Security Appliance (WSA) | primary_impact | T1529 | System Shutdown/Reboot |
| CVE-2018-18995 | ABB GATE-E1 and GATE-E2 | secondary_impact | T1529 | System Shutdown/Reboot |
| CVE-2015-7925 | n/a | uncategorized | T1529 | System Shutdown/Reboot |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1529 | System Shutdown/Reboot |
| aws_rds | AWS RDS | technique_scores | T1529 | System Shutdown/Reboot |
| amazon_inspector | Amazon Inspector | technique_scores | T1529 | System Shutdown/Reboot |